Filter

WordPress 3.5.1 was released, a security and maintenance related update that is recommended to be installed as soon as possible on all live sites running on WordPress. According to the blog post over at the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.

Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime. The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as Java Update 11. The malware is packaged in a Java archive file called javaupdate11.jar that contains two Windows-based executables called up1.exe and up2.exe. When installed the programs open a back door to a command and control server.

An 8-inch Samsung Galaxy Note no longer exists solely in the realm of unicorns and Apple TVs. A Korean news site is reporting that Samsung mobile honcho JK Shin has confirmed plans to release a midsize version of the tablet. Samsung's game plan of late seems to be to cover all bases, with a wide array of smartphones and tablets that come in a variety of shapes, sizes, and price points. An 8-inch Galaxy Note to continue the trend could debut at February's Mobile World Congress.

Officially, IE10 on Windows 7 remains in Release Preview, a build that debuted Nov. 13, 2012. At the time, Computerworld speculated that a final release would occur before the end of 2012, basing its estimate on the development timetable for IE9. Instead, the browser will apparently launch in 2013. IE10's public feedback website (requires log-in using a Microsoft account) - contains a wide variety of bug reports, hinting that Microsoft still has work to do before shipping a final version.

Google launched the latest beta version of its Chrome browser (version 25) for the desktop and Android and this one is chock-full of new tools for developers. The most important update – and the one that Google chose to highlight – is the inclusion of the Web Speech API in Chrome. This will allow developers to integrate speech recognition into their web apps so that in the near future you’ll be able to talk apps into doing all sorts of things.

Google released the stable version of Chrome 24 yesterday, adding support for IndexedDB for apps that work better offline, mathematics formulas formatted with MathML, and faster JavaScript. The new version also comes with a range of security fixes, including two $1,000 bounties and one $4,000 bounty paid to people who found high-severity vulnerabilities. Because Chrome automatically downloads updates by default in part to patch holes as fast as possible, people just need to restart the browser to update it.

Mozilla on Tuesday shipped its newest browser, Firefox 18, which sports a revamped JavaScript engine and support for Macs with Apple's higher-resolution Retina displays. The open-source developer also patched 28 security vulnerabilities, more than two-thirds of them marked critical, Mozilla's highest threat rating, and revoked digital certificates that were initially thought to be in the hands of cyber criminals.

At its CES press conference yesterday, Nvidia announced Tegra 4, its next-generation quad-core processor for tablets and smartphones. Nvidia based Tegra 4 on ARM's latest Cortex-A15 architecture, which means that its processing power will be dramatically faster than the current Tegra 3 quad-core chipset, which is based on ARM Cortex A-9. In addition to the new architecture, Nvidia's Tegra 4 system-on-a-chip contains a whopping 72 graphics cores - six times what's built into in Tegra 3. It also includes Nvidia's first 4G LTE modem.

Microsoft issued a fix for a zero-day vulnerability in older versions of Internet Explorer that could allow attackers to gain control of Windows-based computers to host malicious Web sites. The company confirmed that it was investigating a remote code execution vulnerability in IE 6, IE 7, and IE 8 that could allow an attacker to use the corrupted PC to host a Web site designed to exploit the vulnerability with other users. Versions of the browser after IE 8 are unaffected.

Java 6 will be retired from security support in less than two months, and users and businesses should prepare now for its demise. Oracle will publicly patch Java 6 for the last time on Feb. 19, 2013. After that date, only enterprises with contract support plans will receive security updates, according to the Java support roadmap. That means consumers and most businesses should upgrade to Java 7 as soon as possible.